Overview

We at ISMS Connect have no interest in collecting data from you that we don’t need to fulfill our service. See below what type of data we handle and why. Feel free to contact us at any time with your questions regarding privacy.
– Christopher Eller, owner of ISMS Connect –

Responsible body

ISMS Connect (Owner: Christopher Eller) is responsible for the processing of data in accordance with Art. 4 Para. 7 of the GDPR. The contact details can be found in the imprint.

Your rights

As a user, you have the following rights with regard to your personal data:
Right to information, right to rectification or deletion, right to restriction of processing, right to object to processing, right to data portability, right to withdraw consent.
You have the right and the possibility to complain to a data protection supervisory authority about the processing of your personal data. If you have any problems with this website, please write us a message.

Service providers

We commission service providers for individual services or functions of this website. These sub-processors are carefully chosen and bound by an order processing contract.

What we collect and why

Below you will find a description of each data processing procedure as well as a detailed description of the legal basis for the data collection and the retention times.

Regarding retention: Please note that our system backups may contain your personal data. So if the retention time expires or you delete your account, it may take an additional 30 days until all information is completely gone from our backup systems.

Using this site

Contacting us

If you contact us (for example to get an offer or information about our product) by e-mail or the contact forms provided, the information you provide will be stored in order to answer your request and help you with additional requests. We will link multiple requests in our Helpdesk System and our customer database based on the sender e-mail to better understand your request and your project.

If you use the contact bubble in the right corner, our service provider Helpscout will additionally receive your IP and the help articles you clicked, to help us link your request to your previous requests and to understand what problem you were facing.

Legal basis:

  • Art. 6 Para. 1 lit. a) – Consent (by establishing contact on your part)

  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (if your request refers to an existing contract with us or if you wish to conclude a contract)

  • Art. 6 para. 1 lit. f) – Legitimate interest (Our legitimate interest to answer your request)

Retention: We keep all support inquiries for up to 10 years to fulfill legal requirements on the retention of business letters, as support or general inquiries can lead to a contract.

Website interaction

In order to display our website, to ensure the stability and security of the site and to statistically evaluate visits, we collect the data your browser sends to us (IP address, time, browser version, operating system). Additionally, the contact form in the lower right corner is loaded directly from our service provider Helpscout when you open the site. Helpscout is a paid provider which operates under a contract with us. We use “Matomo” to analyze visitors as well as a Web Application Firewall to protect against attacks.

To analyse the flow of visitors we use the tool “Matomo”, which only saves an anonymised IP address (the last block of the IP address is replaced by “0”), the browser used and the pages called up. The use of cookies is limited to linking search keywords with a successful transaction (“Will visitors who click this ad start a transaction?”).

For some sites, we analyze the usage with so-called “heat maps” in Matomo. These maps show us which area of the page is viewed the most or which buttons are clicked most. For example, we can see that only a third of all visitors scroll to the end of a specific page.

We use a web application firewall to protect ourselves from attacks. This firewall uses a blacklist available on our server to ward off harmful attacks. If an attack is detected and blocked, the IP of the attacker is sent to the provider of this blacklist to improve it. The IP will be removed after 90 days by the provider if no further harmful behaviour originates from this IP.

Legal basis:

  • Art. 6 para. 1 lit. f) – legitimate interest. Our legitimate interest:

    • to provide you with the requested website content.

    • to protect our website from attacks and to guarantee its technical operation.

    • to improve the function and accessibility of our website

    • to fight against fraudulent usage of our site

Retention: This data is stored beyond your visit for as long as it is necessary to ensure security functions such as protection against attacks. Matomo data is purged after 365 days. We will purge server and system logs after 5 years in any case.

Online advertising

We use the Google search engine to place advertisements that link to this page. We rely on measuring the success of the ads (“Which ad makes customers buy something?”). When you visit our site through a Google Ads link, the keyword you used to find us is registered with “Matomo” (see “Website interaction”).

When you visit us, your browser tells us roughly which ad you have clicked (e.g. “ISMS templates” or “Consulting”) through so-called “campaign tags” attached to the URL of the ad. We save that information along with the website interaction in “Matomo” to understand which ads are likely to fulfill the expectation and which ads lead a user to leave immediately.

  • Further information on the use of data by Google, setting and objection options can be found in the Google data protection declaration (https://policies.google.com/privacy) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated). 

Legal basis:

  • Art. 6 para. 1 lit. f) – Legitimate interest (Our legitimate interest: to measure the success of our advertisements)

Retention: We delete this data according to the retention of “Website interaction”.

E-Mail subscription

If you subscribe to the newsletter or an e-mail course on our website, we will store your address in our system in order to send you the corresponding e-mails. We delete these addresses as soon as you unsubscribe from the newsletter.

Legal basis:

  • Art. 6 Para. 1 lit. a) – Consent (By subscribing to the newsletter or e-mail offer via a form on the website)

  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (sending of update notifications or event notices within the framework of the product contract) 

Retention: We delete your address from the mailing list as soon as you unsubscribe from the newsletter. If you are a customer and receive mails, we will flag your account accordingly so that you won’t receive mails in the future.

Using the service we provide

Address data

If you order some of our services, the information you provide is used to process your order and write an invoice. As we offer subscriptions and user accounts, this information is retained as long as your account exists to allow reordering or renewing your subscription. Your IP address will be saved together with your order to protect us against fraud through incorrect orders.

Legal basis:

  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (processing of the order)

  • Art. 6 para. 1 lit. f) – Legitimate interest (Our legitimate interest in protecting ourselves against fraud)

Retention: Until you delete your account. Please note that legal storage obligations may extend the period of time during which we store your data, because order data, especially invoices, must be retained for about 10 years. In this case, we will restrict the processing of the data and delete it after expiry of the obligation to retain it.

Payment

We use the service provider “Stripe” to process your payment. They carry out a risk analysis based on the data entered. The processing of your payment and payment data is the responsibility of these providers. We use this provider to carry out SEPA and credit card payments because we were a target of fraudulent orders in the past. But if you do not feel comfortable with sharing your data with a third party for payment, you can contact us and we will set up a traditional bank transfer for you. In that case, you will pay us directly.

Legal basis:

  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (processing of the order)

  • Art. 6 para. 1 lit. f) – Legitimate interest (Our legitimate interest in protecting ourselves against fraud)

Retention: Legal storage obligations may extend the period of time during which we store your data, because order data, especially invoices, must be retained for about 10 years. In this case, we will restrict the processing of the data and delete it after expiry of the obligation to retain it.

Your account

If you have an account, free or paid, you can access the information available to you by using the login data provided (“Subscription”). You can use your account to request renewal of the product or deletion of all your data.

When you use our product, we will record your progress in the training courses in the Academy module to allow you to continue the course at any time where you left off. We also access this progress value in support cases to help understand where you have trouble. If the subscription you ordered expires, your account will not be automatically deleted, to allow you to access free content and to resume your subscription.

We combine your support requests, your subscription information and your progress in trainings in a single customer database to better understand your project progress and to support you in the best possible way when interacting with us.

You may want to invite your team members to your account; invited team members will therefore also have a profile identified by their e-mail and password. They will also have a profile with public information (like a nickname) for the forum, just like your profile.

If someone reports fraudulent or aggressive behavior, we may look into community messages or posts that are the subject of those reports.

Legal basis:

  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (provision of the forum, answering support requests)

  • Art. 6 para. 1 lit. f) – Legitimate interest (Our legitimate interest in protecting ourselves against fraud and moderating our forum) 

Retention: As soon as you delete your customer account, we will delete your data from our systems.

Community

If you have an account, you can access our community provided by circle.so where you can access information and participate in discussions. You can manage your public profile directly to set up under which name you want to appear.

As circle.so may collect additional data from your visit (as described in the upcoming Cookie Banner after you visit circle / the community), we understand that you may want to avoid usage of the community. In that case, please contact us so we can send you documents and other information directly via e-mail.

Legal basis:

  • Art. 6 para. 1 lit. a) – Consent (by creating your account)

  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (provision of the circle.so community)

Retention: As soon as you delete your customer account, we will delete your account from circle.so. Please note that this does affect your profile, but not posted messages (your name is still removed from them). If you request it, we can also remove them for you.

Video sessions

Occasionally we may invite customers to video sessions where problems or questions in customer projects are discussed. All customers that participate in those sessions are asked to keep shared information confidential. However, it’s still a public forum. If all participants agree, we may record these sessions and share them on the website with other customers.

Legal basis:

  • Art. 6 Para. 1 lit. a) – Consent (by joining an invitation to one of these sessions or additionally agreeing to a recording of a session) 

Retention: We keep no information on participants. If we record a session, we keep these recordings for up to 10 years. If you object to the usage, we will happily remove parts of the clip where you are shown or heard so that you are not identifiable anymore.

Testimonials

Occasionally we may invite customers to write a testimonial about our service. In the form we send out, we ask for your opinion, name, photo and other information.
We use this feedback to improve our service and to share testimonials with pictures or citation of parts of it on our marketing channels like our website. We may translate reviews before sharing them.

Legal basis:

  • Art. 6 Para. 1 lit. a) – Consent (by sending your feedback through our testimonial form)

Retention: We keep customer reviews until you request deletion from us.

Cookies

About

A distinction is made between “first party cookies” (cookies that come directly from our website) and “third party cookies” (cookies that come from a third party such as our web analysis service providers). We do not use third party cookies.

You can delete individual cookies or generally deactivate the use of cookies in your browser. Cookies have certain runtimes; after this time your browser automatically deletes them.

All cookies used are listed in “Cookies we use”. If a “*” is used, this means that there may be several cookies in your browser which start with the same character string and serve the same function.

Below you can find a detailed description of the legal basis for the data collection as well as the retention times.

Essential cookies enable basic functions and are necessary for the proper functioning of the website. All cookies are essential for maintaining the correct function of the website and therefore are first-party cookies (delivered by our server).

Cookies we use

_pk*

  • Purpose: This cookie is used to link the clicked ad with a successful transaction as described in “Website interaction” and “Online advertising”.

  • Cookie runtime: 1 year

ISMS Implementation of ISO® 27001 / TISAX®

At ISMS Connect, we've distilled our extensive consulting expertise into a single, all-encompassing package, enriched with unlimited support.
This enables you to implement your ISMS yourself for a fraction of normal project costs.

Take your first step on your successful ISMS implementation journey with us.

Access our Experts directly in our Pro-Plan

Pay securely online with credit card or SEPA and get access.

Get full year of unlimited expert assistance & support

© 2023 ISMS Connect. Our offer is aimed at corporate customers only. All prices are net.

We are an independent consultancy and not affiliated with ENX® TISAX®,VDA® ISA, ISO® or DIN®.
